Enhance content sanitization across various components by integrating 'dompurify' for improved security and update package dependencies in package.json and package-lock.json.

pages/cms/newsletter.vue

@@ -168,7 +168,7 @@
                       </div>
                       <div
                         class="text-sm text-gray-600 prose prose-sm max-w-none mb-3"
-                        v-html="post.content.substring(0, 200) + (post.content.length > 200 ? '...' : '')"
+                        v-html="useSanitizeHtml(post.content.substring(0, 200) + (post.content.length > 200 ? '...' : ''))"
                       />
                       
                       <!-- Empfängerliste (collapsible) -->
@@ -770,6 +770,7 @@
 import { ref, computed, onMounted } from 'vue'
 import { Plus, Loader2, Users, Trash2 } from 'lucide-vue-next'
 import RichTextEditor from '~/components/RichTextEditor.vue'
+import { useSanitizeHtml } from '~/composables/useSanitizeHtml'
 
 const authStore = useAuthStore()
 

pages/verein/geschichte.vue

@@ -13,9 +13,12 @@
 </template>
 
 <script setup>
-import { ref, onMounted } from 'vue'
+import { ref, onMounted, computed } from 'vue'
+import { useSanitizeHtml } from '~/composables/useSanitizeHtml'
 
-const content = ref('')
+const rawContent = ref('')
+
+const content = computed(() => useSanitizeHtml(rawContent.value))
 
 useHead({
   title: 'Geschichte - Harheimer TC',
@@ -24,9 +27,9 @@ useHead({
 async function loadConfig() {
   try {
     const data = await $fetch('/api/config')
-    content.value = data?.seiten?.geschichte || ''
+    rawContent.value = data?.seiten?.geschichte || ''
   } catch (e) {
-    content.value = ''
+    rawContent.value = ''
   }
 }
 

pages/verein/satzung.vue

@@ -43,11 +43,14 @@
 </template>
 
 <script setup>
-import { ref, onMounted } from 'vue'
+import { ref, onMounted, computed } from 'vue'
+import { useSanitizeHtml } from '~/composables/useSanitizeHtml'
 
-const content = ref('')
+const rawContent = ref('')
 const pdfUrl = ref('')
 
+const content = computed(() => useSanitizeHtml(rawContent.value))
+
 useHead({
   title: 'Satzung - Harheimer TC',
 })
@@ -57,11 +60,11 @@ async function loadConfig() {
     const data = await $fetch('/api/config')
     const satzung = data?.seiten?.satzung
     if (satzung) {
-      content.value = satzung.content || ''
+      rawContent.value = satzung.content || ''
       pdfUrl.value = satzung.pdfUrl || ''
     }
   } catch (e) {
-    content.value = ''
+    rawContent.value = ''
     pdfUrl.value = ''
   }
 }

pages/verein/tt-regeln.vue

@@ -13,9 +13,12 @@
 </template>
 
 <script setup>
-import { ref, onMounted } from 'vue'
+import { ref, onMounted, computed } from 'vue'
+import { useSanitizeHtml } from '~/composables/useSanitizeHtml'
 
-const content = ref('')
+const rawContent = ref('')
+
+const content = computed(() => useSanitizeHtml(rawContent.value))
 
 useHead({
   title: 'TT-Regeln - Harheimer TC',
@@ -24,9 +27,9 @@ useHead({
 async function loadConfig() {
   try {
     const data = await $fetch('/api/config')
-    content.value = data?.seiten?.ttRegeln || ''
+    rawContent.value = data?.seiten?.ttRegeln || ''
   } catch (e) {
-    content.value = ''
+    rawContent.value = ''
   }
 }
 

pages/verein/ueber-uns.vue

@@ -13,9 +13,12 @@
 </template>
 
 <script setup>
-import { ref, onMounted } from 'vue'
+import { ref, onMounted, computed } from 'vue'
+import { useSanitizeHtml } from '~/composables/useSanitizeHtml'
 
-const content = ref('')
+const rawContent = ref('')
+
+const content = computed(() => useSanitizeHtml(rawContent.value))
 
 useHead({
   title: 'Über uns - Harheimer TC',
@@ -24,9 +27,9 @@ useHead({
 async function loadConfig() {
   try {
     const data = await $fetch('/api/config')
-    content.value = data?.seiten?.ueberUns || ''
+    rawContent.value = data?.seiten?.ueberUns || ''
   } catch (e) {
-    content.value = ''
+    rawContent.value = ''
   }
 }